The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed video games in South Korea.
WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country.
While webhards have been used in the past to deliver njRAT, UDP RAT, and DDoS botnet malware, the AhnLab Security Emergency Response Center’s (ASEC) latest analysis shows that the technique has been adopted to distribute Remcos RAT.
In these attacks, users are tricked into opening booby-trapped files by passing them off as adult games, which, when launched, execute malicious Visual Basic scripts in order to run an intermediate binary named “ffmpeg.exe.”
This results in the retrieval of Remcos RAT from an actor-controlled server.
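One way to hunt for this chain in endpoint telemetry, as an added example that is not from ASEC's report or the original article: flag any “ffmpeg.exe” whose parent is a Windows Script Host process, and raise the severity if that process then opens a network connection. The event format, field names, paths, PIDs and addresses below are constructed for illustration.

```python
import ntpath  # parses Windows paths on any OS

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host runs .vbs files
SUSPECT_CHILD = "ffmpeg.exe"                   # intermediate binary named in the article

# Constructed sample events in time order; field names and paths are hypothetical.
EVENTS = [
    {"type": "proc", "pid": 4188, "image": r"C:\Windows\System32\wscript.exe",
     "parent": r"C:\Users\kim\Downloads\Game\Game.exe"},
    {"type": "proc", "pid": 4260, "image": r"C:\Users\kim\Downloads\Game\ffmpeg.exe",
     "parent": r"C:\Windows\System32\WScript.exe"},
    {"type": "net", "pid": 4260, "dest": "203.0.113.10:443"},
    # Benign look-alike: a video editor starting its own ffmpeg.exe.
    {"type": "proc", "pid": 5100, "image": r"C:\Program Files\Editor\ffmpeg.exe",
     "parent": r"C:\Program Files\Editor\editor.exe"},
    {"type": "net", "pid": 5100, "dest": "198.51.100.7:443"},
]

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def find_chains(events):
    """Return one alert per ffmpeg.exe started by a script host, with its connections."""
    live, alerts = {}, []
    for ev in events:
        if ev["type"] == "proc":
            live.pop(ev["pid"], None)  # a new process reusing the PID ends tracking
            if base(ev["image"]) == SUSPECT_CHILD and base(ev["parent"]) in SCRIPT_HOSTS:
                live[ev["pid"]] = {"pid": ev["pid"], "image": ev["image"], "dests": []}
                alerts.append(live[ev["pid"]])
        elif ev["type"] == "net" and ev["pid"] in live:
            live[ev["pid"]]["dests"].append(ev["dest"])
    return alerts

def severity(alert):
    """Script-host parentage alone is medium; an outbound connection makes it high."""
    return "high" if alert["dests"] else "medium"

if __name__ == "__main__":
    for a in find_chains(EVENTS):
        print(severity(a), a["image"], a["dests"])
```

Matching on parentage rather than on the file name alone keeps legitimate copies of ffmpeg.exe, such as the one bundled with the editor in the sample data, out of the results.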
A sophisticated RAT, Remcos (aka Remote Control and Surveillance) facilitates unauthorized remote control and surveillance of compromised hosts, enabling threat actors to exfiltrate sensitive data.
This malware, although originally marketed by Germany-based firm Breaking Security in 2016 as a bona fide remote administration tool, has metamorphosed into a potent weapon wielded by adversaries to infiltrate systems and establish unfettered control.
“Remcos RAT has evolved into a malicious tool employed by threat actors across various campaigns,” Cyfirma noted in an analysis in August 2023.
“The malware’s multifunctional capabilities, including keylogging, audio recording, screenshot capture, and more, highlight its potential to compromise user privacy, exfiltrate sensitive data, and manipulate systems. The RAT’s ability to disable User Account Control (UAC) and establish persistence further amplifies its potential impact.”